![]() There are a couple of good reasons for doing that. While following the steps above should mean that your PHP redirects execute securely, if you are in the position of using multiple PHP redirects, it is probably time to rethink the structure of your site. The second approach – using JavaScript – is a little more elegant and certainly looks more professional: ("") īoth of these approaches will execute a little slower than an immediate header() redirect, but are arguably more flexible. ![]() ![]() The first approach – using would look like this: You can either use the HTML element to redirect from within the HTML portion of your page, or use JavaScript. There are two main approaches to doing this. Though PHP redirects are typically executed more quickly than other types of redirect, and can, therefore, be an important tool in improving website speed, there are other options available. Given all these issues, you are probably wondering why you would use a PHP redirect at all. You should check the PHP manual to make sure that you understand what you are doing, as well as checking the W3C documentation to ensure that you are following best practice.Īnd whilst you are catching up on your reading, make sure to also protect a website from common vulnerabilities: if you are already in the position of having to use PHP redirects, it’s likely that your site’s security will need an audit. Check The Documentationīeyond taking the basic precautions above, you should take some time to read the documentation on using PHP redirects before you publish them. In practice, and until this situation is resolved, use HTTP 303. HTTP 303 is unfortunately understood as “other” by many browsers and can cause problems with indexing your page through search engines. HTTP 301 indicates a permanent redirect, which might cause you problems with restoring your original page. Unfortunately, the correct code to use is a point of contention. The best practice when building PHP redirects is therefore to specify the code that is returned. You should not allow it to do that, because many web browsers implement this code in a way that is totally at odds with the way that it is supposed to function: they essentially use the GET command instead of performing a “real” redirect. The third problem with standard PHP redirects is that PHP’s “location” operator still returns the HTTP 302 code. Unfortunately, at the moment there is no real way around this problem, short of keeping a careful overview of where your redirects are pointing. This means that if you are working on your PHP through a website builder, you may end up breaking all of your redirects. That’s because some website builders collate and rename PHP pages. RFC 7231 allows you to use both, but you should be extremely careful when using relative redirects. Next, let’s talk about relative and absolute URLs in redirects. The way to do that is to append die() or exit() after your redirect: header("Location. That’s why you have to stop processing the rest of the page, in case the redirection is ignored. ![]() If, in other words, you are using a header redirect to protect a particular page, it offers you no protection at all. In summary, the problem is that crawlers and bots are able to ignore headers, and so the page you thought you were redirecting away from is totally accessible to them. Die() and Exit ()įirst, you should use the die() or exit() modifier every time you use a redirect. So let’s look at how you can use this function correctly. While it might seem simple, when it comes to the header() function, the simplicity of the code can lead developers into a false sense of security. That means it should come before the declaration, before any Java, and before any PHP code. This header function should be put before you pass any HTML or text to your users’ browsers, so it should be right at the top of the page. To do that, you use the function to send a new URL, like this: header('Location: '.$newURL.php) Most guides will tell you that to make a PHP redirect you can just use the header() function at the top of your pages. In this guide, we’ll show you how to make a PHP redirect that doesn’t cause big problems further down the line. In reality, though, using this function is not as simple as it seems. If you’ve been through our introduction to PHP 7.4, and our guide on how to build a website in 5 minutes, you’ll be aware that the header() function can be used to easily redirect a user to another page. PHP redirects are an incredibly useful tool, but they can also be dangerous if not implemented correctly. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |